CVE-2015-1827

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

History

12 Feb 2023, 23:15

Type Values Removed Values Added
Summary It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash. The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0728', 'name': 'https://access.redhat.com/errata/RHSA-2015:0728', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-1827', 'name': 'https://access.redhat.com/security/cve/CVE-2015-1827', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:20

Type Values Removed Values Added
Summary The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash.
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0728 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1827 -

Information

Published : 2015-03-30 14:59

Updated : 2023-12-10 11:31


NVD link : CVE-2015-1827

Mitre link : CVE-2015-1827

CVE.ORG link : CVE-2015-1827


JSON object : View

Products Affected

fedoraproject

  • fedora

freeipa

  • freeipa
CWE
CWE-19

Data Processing Errors